Implementing QOS on Cisco 1700 IOS 12.3 in a 3 site configuration.

I've got a particular network setup that is beyond the traditional leased-lines scenario, in which I have 3 Cisco 1711 routers serving my 3 sites, and I want to implement QOS for Voice and Video apps that occasionally transit between sites.

The WAN is a dedicated bandwidth cloud, to which the head-office has 3 mbits, and the remote offices are provided with 1.5mbit; all of this is served over 100base-T ethernet.

-- Head-Office
 + -- WAN ( on FastEthernet0)
 + -- LAN ( on FastEthernet1)
-- Remote Office 1
 + -- WAN ( on FastEthernet0)
 + -- LAN ( on FastEthernet1)
-- Remote Office 2
 + -- WAN ( on FastEthernet0)
 + -- LAN ( on FastEthernet1)

With regard to the packet prioritization and packet matching:
 1st Priority - Voice: Non-Cisco VOIP/RTP (udp 20000:25000)
 2nd Priority - Video: VideoConferencing (udp 12000:15000)
 3rd Priority - Desktop: RemoteDesktop (tcp 3389)
 4th Priority - Other: Other (unmatched traffic)

I want to avoid bandwidth reservation as much as possible; however, I believe that in a scenario like this, it's necessary.

Please help!


If your T1s are handing off Ethernet, that means the provider owns and operates the WAN router. It's difficult if not impossible to implement QoS when you don't own both ends. You can prioritize traffic out of your routers, but as soon as it hits the WAN router, all the QoS is stripped off and packets revert to FIFO (First in First Out) with no QoS bits set, no prioritization.
If you owned both ends, you could set the priority bits on one end, and set the other end to understand them and you can use RSVP between them.
If you have MPLS circuits, you can contract with the telco to enable QoS using diffserv bits and the WAN edge router will mark traffic as priority, and the WAN will keep that information end-to-end.
Kris2k6 (Author) Commented:
Indeed, no control on setting the TOS bits on the TCP/IP packet; however, the question has been raised to the telco.

If we can't rely on the TOS bits of the IP packet, but we do know how to identify the services (src/dst port ranges), couldn't we "assume" the link capacity, and perform traffic prioritization from that? I guess this becomes traffic shaping & policing; how could we define inbound/outbound hierarchical classes for bandwidth prioritization without being stuck reserving a certain rate for a service that may or may not be used at a certain instant?

Again, yes you can classify traffic using any number of methods (simple access list with source/dst + port ranges).
This will only prioritize the packets as they leave your router and you have no control of them as they pass through the next hop router and on across the WAN.
The WAN link that you have control over is actually a FastEthernet interface. As such, it is such a wide highway path between you and the next hop (the telco's edge router to real WAN link), that there is very very little to gain by trying to use priority queueing or something when there is virtually no queue to start with. Packets can get passed through this interface as fast as they arrive and don't need to be queued up.
At the Edge router going from 100Mb LAN interface to 1.5/3Mb WAN interface - now you have a queueing issue where the router can't possibly push packets out as fast as they come in. This is where it makes sense to classify and prioritize packets because they will be queued up waiting for a ride out.
I'm a firm believer in keeping things as simple as possible and only change what you can really control and affect.
Don't spend a lot of time and $ trying to do something that really won't solve your problem at all, just make it more complicated to troubleshoot later on.

Kris2k6 (Author) Commented:
Point well taken, while the telco is debating it (that they should forward traffic, and not alter it), I still need to consider an alternative where I have no choice but to stick with the current setup.

Can the IOS handle a traffic-shaping output class with the following logic for the main office hub?

Output bandwidth: 3mbit
  +Remote Office 1(dst subnet 1) - Priority 1 with total bandwidth shaped at 1.5mbit
      - Dst ports udp 20000:25000 - Priority 1 to the 1.5 mbit queue
      - Dst ports udp 12000:15000 - Priority 2 to the 1.5 mbit queue
      - Dst port tcp 3389 - Priority 3 to the 1.5mbit queue
      - Other - Priority 4 to the 1.5mbit queue

  +Remote Office 2(dst subnet 2) - Priority 1 with total bandwidth shaped 1.5mbit
      - Dst ports udp 20000:25000 - Priority 1 to the 1.5 mbit queue
      - Dst ports udp 12000:15000 - Priority 2 to the 1.5 mbit queue
      - Dst port tcp 3389 - Priority 3 to the 1.5mbit queue
      - Other - Priority 4 to the 1.5mbit queue

So, essentially, having one 3mbit shaped upstream class, divided in two by two 1.5mbit shaped classes, in which each subclass has priority to its respective queue based on its destination ports.  Naturally, for this to work well (since we're only affecting upstream traffic), an exact inverse configuration would have to be done at the remote sites, so traffic sent between can be controlled adequately.